Several projects expressed interest in reusing Tails to build different live distributions, also called derivatives, to fulfill slightly different goals.
Tails being Free Software this is not only possible but encouraged, because the more people look at our code and work on it, the better it gets. Still, at this time we don't know of any Tails derivative.
Derivatives have been imagined to:
- Include additional features or software that we are not ready to add to Tails (for example to include different pluggable transports or cryptocurrencies).
- Have custom branding or configuration (for example to provide default bridges).
- Provide ISO images with less or different features (for example to have a VPN instead of Tor or a smaller ISO image).
While creating custom ISO images of Tails is relatively easy, we believe that maintaining custom ISO images on the long run is very complicated, and for the following reasons:
We release a new version every 6 weeks which fixes numerous security issues. We also release unscheduled security releases quite often (3-4 times per year).
A derivative with custom ISO images would have to follow the same release schedule to provide ISO images that fix these issues as well.
A derivative with custom ISO images would have to duplicate our quality assurance process and adapt it to its specificities to make sure that it doesn't break any security feature.
We offer automatic upgrades which are binary diffs from one ISO image to the other.
A derivative with custom ISO images would need a similar process and infrastructure or otherwise disable the automatic upgrades mechanism.
We provide authenticated downloads through a custom browser extension and an OpenPGP signing key well connected to the web-of-trust.
It would be hard for a derivative with custom ISO images to provide similar mechanisms.
The anonymity provided by Tor and Tails works by making everybody look the same, especially on the network. Derivatives should be careful about not breaking this anonymity set or they will provide less anonymity to both its users and Tails users.
Derivatives could be tempted to implement some of the features Tails is missing too quickly and hastily.
Still, some of the reasons to create Tails derivatives could be solved by relying on our official ISO images and customizing them at run time. For example, derivatives could:
- Package specific applications in Debian to make them easier to use in Tails.
- Document how to use specific applications in Tails.
- Rely on the customizations mechanisms already available in Tails (additional software packages and persistent storage).
- Help us build in Tails other mechanisms that derivatives might need to adapt Tails to their needs (for example to have persistent DConf settings or additional APT sources).
- Talk with us to see how we can adapt our ISO images and source code to make them easier to reuse for derivatives.
- To include a piece of software into Tails, talk to us as early as possible so we can provide feedback on how to integrate it.
Some other non-technical questions remain open:
- Will derivatives appear as being "Tails" to their users while having different security features than Tails?
- Shall Tails review ourselves the work of derivatives and "endorse" them officially?
- How would the work or reputation of derivatives impact the reputation of Tails?